FERMA’s position on the Revision of the Cybersecurity Act

Published on 20 June 2025

FERMA has submitted a response to the European Commission’s consultation on the revision of the Cybersecurity Act, calling for the simplification of cyber reporting requirements.

The revision of the Cybersecurity Act is critical to the risk management community for two reasons:

On the one hand, it aims to enhance the overall cybersecurity maturity of the EU as cyber threats are becoming ever more prevalent; according to the FERMA Global Risk Manager Survey Report 2024, cyberattacks were identified as the most important risk by Risk Managers worldwide.

On the other hand, it seeks to reduce the reporting burden caused by the overlap of multiple pieces of EU cyber legislation (GDPR, NIS2, DORA, Cyber Resilience Act etc.), a concern that FERMA raised in our 2024 Cyber Reporting Stack: Navigating EU requirement white paper.

In our contribution, we advocate for the establishment of a ‘single-point-of-entry system’ for cyber incident reporting. We also call for the harmonisation of timelines and definitions to ensure the consistent interpretation of EU legislation and reporting standards across member states.

Moreover, FERMA believes that ENISA has an important role to play in enhancing the cyber resilience of the EU economy. We call for ENISA to support industry stakeholders in the form of best practices and guidance to address both technical and non-technical cyber risks, in line with a multi-risk approach compatible with an Enterprise-wide Risk Management (ERM) methodology.

Lastly, we call for cyber risk management processes to be the topic of a dedicated European cybersecurity certification. This would be a clear indicator for relevant stakeholders, such as business partners or insurance providers, that the certified organisation has robust cyber risk management practices in place, which will contribute to fostering trust in the market.

FERMA maintains a watchful eye on next steps and will work with its network to ensure that EU cyber legislation is fit for purpose and straightforward, and contributes to effective cyber risk management practices across the EU.
